Long-lived credentials and static password authentication poses a real risk to your organization. GCM issues credentials on demand for initial log in and rotates credentials in as little as 10 minutes for SAML-based users and less for SSH environments and PKI-based authentication.

GCM binds identities to devices, making it impossible for cyber criminals to use credentials to gain access to your network even if they were to obtain the credential itself. Device anchoring eliminates the risk of remotely executed credential-based attack.

GCM uses platform configuration registers (PCRs) to continuously attest that a device or identity is not compromised. Using PCRs enables GCM to eliminate spoofing and validate certain conditions at system boot and during specified events on the machine. If a PCR hash value changes in a manner that indicates a device is compromised, GCM will not issue new credentials on that device and existing credentials tied to that identity and anchored to that device will be revoked.